BOOM. That’s the sound of a data management time bomb sitting under the pension industry going off at some point in the near future. Data management, whilst it sounds dry, is an area of governance that is one of the most relevant issues for today’s pension industry. The risk of doing a bad job of data management, currently ticking below the surface, not only carries the risk of serious financial penalties, but also holds the industry back in terms of innovations like the long-awaited Pensions Dashboard. Fortunately, there are answers.
Before I get into that, what do we mean by data management? For the purpose of this article, data management is the ability to identify, secure and audit all the data held on a company’s customers. There is an overlap with the field of data security but, as we will see the idea of managing data is broader. With this in mind, why is data management so important to today’s pension industry, and what can companies do to defuse their data management time bomb?
Let’s start with the General Data Protection Regulation (GDPR), which passed into UK law in May 2018, and is the most significant upgrade to data protection law in twenty years. GDPR not only grants sweeping rights to consumers over their own data, but also significantly raises the penalties for failing to protect these rights.
Poor data management can lead to a data breach, which is defined very broadly under GDPR. A breach is not just about loss or theft of data; any unauthorised processing, and even losing access to data, are also considered data breaches. Depending on the severity of the incident and the controls that were in place to prevent it, the fines can reach up to €20 million, or 4% of a company’s global turnover. If a company is not on top of its data management it may not even know there has been a data breach, which GDPR also frowns upon, potentially doubling fines if you don’t detect and report a breach in a timely manner.
Pension companies hold data on consumers that is highly sensitive; not only detailed personal information, such as national insurance number, age and gender, but also financial information about retirement benefits, annual earnings and savings behaviour. Running a pension scheme also generates all sorts of extra data about customers, such as information about tax relief claims and management fees.
Like banks, pension companies have a responsibility to guard their customers’ data safely.
And like banks, the pension industry has had to transition large numbers of customer accounts from paper records into the digital age.
I work at PensionBee, a pension company founded in 2014, that helps consumers get on top of their money by moving it into a single, online pot. We spend a large amount of our time tracking down people’s pension policies, which means we get the opportunity to communicate with almost all of the UK’s pension providers and learn about how they manage their customers’ data. One of the clearest signals of a problem lurking under the surface is the sheer amount of paper that our industry generates. People can and do move their pensions between providers and so often this transfer of data is on paper; quite possibly the only transaction that person will carry out using paper all year. Let’s be clear; paper is a problem. It can get lost, it can get wet, it can be left on a bus, and it’s easy to make mistakes when you’re manually transferring the contents of paper onto a computer system. Transitioning entirely to digital storage, processing and transfer is key to managing the large amount of data generated by the industry.
This is not a controversial point of view, however it is not obvious how to react to it if you are already immersed in a forest of paper processes. The pension industry has been around for a long time; in the UK pensions have been around since at least 1908, and several of its biggest players trace their origins back hundreds of years. Modern digital systems co-exist alongside old fashioned paper-based processes, and it is here that we need to take aim. How do you digitise a dead tree industry? There are three principles that you need to follow to get your data into digital form.
Leave only (digital) footprints: The first principle is to generate no more paper, and thereby stop contributing to the problem. This might sound easy, but there is a lot of fear in the industry that not sending out paper copies of policy documents or customer communication will leave people exposed to abuse. This is the opposite of the truth: you can’t track whether someone has read a letter, whereas you can know if an email or a digital document has been opened; documents get lost in the post (shockingly frequently), whereas emails and digital downloads get delivered in an auditable way. So just stop.
Digitise at source: Next, look at all the entry points to the business and start the process of digitisation there. The post room is likely to be the main bottleneck. It used to be a mammoth task to digitise incoming mail in real time, but technology has now advanced to the point where a machine can take care of opening, scanning, reading and routing digital copies of letters to the correct department with minimal human assistance. Just ask lawyers, who routinely install post room automation, in order to reduce the chance of missing documents and the risk of lawsuits, not to mention the tedium of processing large volumes of documents by hand.
Maintain a ‘golden record’: A key principle is to avoid duplicating data – there should be one master record for each collection of data, and your team should know where that lives. When that data is needed in different business scenarios and departments, live links between systems (or regular batch sync jobs) should be used. Copying and pasting data between systems creates a data maintenance headache and should be avoided.
These principles are hard to implement without a strong culture of respect for customer data. It is important to train your company’s employees, from their first day, to see data as the crown jewels of the business. Create a culture where people are mindful about data management. This goes hand-inhand with good information security training, but encourages people to ascribe a physical quality and value to data and to think hard about what they are doing with it, where they are putting it and who they are giving it to.
It’s helpful to look for tangible pressures pushing the industry in the direction of digitisation and good data management, other than the shadow of a data breach, which everyone assumes will happen to someone else. Fortunately, pensions are in the papers regularly as updates come out about the Government-led Pensions Dashboard. This is a good example of something that requires a solid base of digitally encoded data in order to provide universal coverage and a usefully comprehensive picture of your pension benefits, both policy objectives of this work. Simply put, without solid data management there is no way that the industry can deliver a platform that will bring positive consumer outcomes. It’s time for the industry to rally around this initiative, move away from paper, and roll out strong data management practices that can benefit consumers everywhere.
Jonathan Lister Parsons
CTO – PensionBee